SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Audit Database Changes in the Real World


Audit Database Changes in the Real World

Author
Message
magarity kerns
magarity kerns
SSChasing Mays
SSChasing Mays (638 reputation)SSChasing Mays (638 reputation)SSChasing Mays (638 reputation)SSChasing Mays (638 reputation)SSChasing Mays (638 reputation)SSChasing Mays (638 reputation)SSChasing Mays (638 reputation)SSChasing Mays (638 reputation)

Group: General Forum Members
Points: 638 Visits: 397
What a great system! What are the requirements for the monitoring server and how many does yours monitor? Can it be done on the cheap with express or workgroup edition?
Anipaul
Anipaul
SSCrazy Eights
SSCrazy Eights (8K reputation)SSCrazy Eights (8K reputation)SSCrazy Eights (8K reputation)SSCrazy Eights (8K reputation)SSCrazy Eights (8K reputation)SSCrazy Eights (8K reputation)SSCrazy Eights (8K reputation)SSCrazy Eights (8K reputation)

Group: General Forum Members
Points: 8035 Visits: 1407
tonyf (6/11/2008)
Why do all these articles assume that the DBA can be trusted?


Trust has to be there and I believe most of the DBAs can be trusted.



tjaybelt
tjaybelt
Right there with Babe
Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)

Group: General Forum Members
Points: 791 Visits: 470
magarity kerns (6/11/2008)
What a great system! What are the requirements for the monitoring server and how many does yours monitor? Can it be done on the cheap with express or workgroup edition?


Ive done this on a couple systems, and you are limited by hdd size as the data grows. you will have trace files taking up space. and you will have data files growing as you collect data. You need to keep that in mind as you create a similar system, cause once the file space shrinks, no monitoring occurs... and then you are left with your pants down, so to speak. nothing like having to explain to an auditor why you have a gap in your data collection...

since you are running a server side trace, you will need to be able to fire off those procs to accomplish this. im not sure if these are available in express. to be honest, ive never used it. Maybe someone can answer that portion?

best suggestion that i can give you is to try it out on whatever system you can get your hands on. even housing this on a prod system is an option, if you have no other sql box to put it on. And as time goes, you'll see if it needs to be moved. moving it is fairly easy to do, as well.



magarity kerns
magarity kerns
SSChasing Mays
SSChasing Mays (638 reputation)SSChasing Mays (638 reputation)SSChasing Mays (638 reputation)SSChasing Mays (638 reputation)SSChasing Mays (638 reputation)SSChasing Mays (638 reputation)SSChasing Mays (638 reputation)SSChasing Mays (638 reputation)

Group: General Forum Members
Points: 638 Visits: 397
tonyf (6/11/2008)
Why do all these articles assume that the DBA can be trusted?

Because the DBA knows that independent auditors will eventually catch up with him/her. Maybe not this audit cycle, but someday. Since the DBA's pay and bonuses are a lot less likely to be oriented to benefit cheating, unlike, say, a star sales rep, the DBA is among the least likely to be untrustworthy.
At some point there just isn't a next level of watchers to watch the watchers, so don't let the paranoia keep your organization from functioning.
tjaybelt
tjaybelt
Right there with Babe
Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)

Group: General Forum Members
Points: 791 Visits: 470
magarity kerns (6/11/2008)
tonyf (6/11/2008)
Why do all these articles assume that the DBA can be trusted?

Because the DBA knows that independent auditors will eventually catch up with him/her. Maybe not this audit cycle, but someday. Since the DBA's pay and bonuses are a lot less likely to be oriented to benefit cheating, unlike, say, a star sales rep, the DBA is among the least likely to be untrustworthy.
At some point there just isn't a next level of watchers to watch the watchers, so don't let the paranoia keep your organization from functioning.


great point. its what i have felt for a long time. I was so frustrated when the auditor told me that a system like this wouldnt help, cause i could edit the data. he said the same about a spreadsheet report, being that its not an acceptable form of data reporting, because its editable.
so i really got his goose one day when he asked for a screenshot (assumed the best form of verification). I went to my virus software, and did a screenshot of the dates of files, then edited them in my image software, putting the date a few hundred years in the future... and it blew his mind that that was no longer a valid and safe form of reporting...

it always comes back to trust. If i have something watching me, im more likely to be honest. the more monitoring that occurs, the better the higher ups will feel, and the auditors. and i am free to do my job, which i would do honestly in the first place...



minijogy
minijogy
Forum Newbie
Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)

Group: General Forum Members
Points: 3 Visits: 131
Great article!
Would you please post the code. It would save us a lot of time if you could post us the code



tjaybelt
tjaybelt
Right there with Babe
Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)

Group: General Forum Members
Points: 791 Visits: 470
minijogy (6/11/2008)
Great article!
Would you please post the code. It would save us a lot of time if you could post us the code



im not sure why the code isnt out there. Ive emailed SSC to see about adding it back in.
does anyone have a location i can upload it too, and provide a link for others to grab it from?



tjaybelt
tjaybelt
Right there with Babe
Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)Right there with Babe (791 reputation)

Group: General Forum Members
Points: 791 Visits: 470
here is a link i just created on my MSN Live Space. I tested it and it downloaded the file just fine.

Sql File

lemme know if this doesnt work.



Steve Jones
Steve Jones
SSC Guru
SSC Guru (81K reputation)SSC Guru (81K reputation)SSC Guru (81K reputation)SSC Guru (81K reputation)SSC Guru (81K reputation)SSC Guru (81K reputation)SSC Guru (81K reputation)SSC Guru (81K reputation)

Group: Administrators
Points: 81405 Visits: 19207
Code has been added to the article.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Jack Corbett
  Jack Corbett
SSC-Insane
SSC-Insane (23K reputation)SSC-Insane (23K reputation)SSC-Insane (23K reputation)SSC-Insane (23K reputation)SSC-Insane (23K reputation)SSC-Insane (23K reputation)SSC-Insane (23K reputation)SSC-Insane (23K reputation)

Group: General Forum Members
Points: 23762 Visits: 14905
Anirban Paul (6/11/2008)
tonyf (6/11/2008)
Why do all these articles assume that the DBA can be trusted?


Trust has to be there and I believe most of the DBAs can be trusted.


At some point you have to have trust in order to get any work done. Steve Jones has mentioned bonding for DBAs several times in his editorials just for this reason. This is also why we are usually subject to background checks and drug tests.



Jack Corbett

Applications Developer

Don't let the good be the enemy of the best. -- Paul Fleming
At best you can say that one job may be more secure than another, but total job security is an illusion. -- Rod at work

Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
How to Post Performance Problems
Crosstabs and Pivots or How to turn rows into columns Part 1
Crosstabs and Pivots or How to turn rows into columns Part 2
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search